<!DOCTYPE html><html lang="zh-CN"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="theme-color" content="black"><meta name="author" content="李子康"><meta name="copyright" content="李子康"><meta name="generator" content="Hexo 4.2.1"><meta name="theme" content="hexo-theme-yun"><title>信息安全 实验四、web安全 | Lizikang_Blog</title><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@900&amp;display=swap" media="none" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/star-markdown-css@0.1.11/dist/yun/yun-markdown.min.css"><script src="//at.alicdn.com/t/font_1140697_stqaphw3j4.js" async></script><script src="https://cdn.jsdelivr.net/npm/scrollreveal/dist/scrollreveal.min.js" defer></script><script>document.addEventListener("DOMContentLoaded", () => {
  // Reveal-on-scroll animation for post cards and in-article images (same selectors, same order).
  const revealSelectors = [".post-card", ".post-content img"];
  for (const selector of revealSelectors) {
    ScrollReveal().reveal(selector);
  }
});
</script><script src="https://cdn.jsdelivr.net/npm/pjax@latest/pjax.min.js" defer></script><script src="/js/pjax.js" defer></script><link rel="shortcut icon" type="image/svg+xml" href="/images/%E7%9A%AE%E5%8D%A1%E4%B8%98-2.ico"><link rel="mask-icon" href="/images/%E7%9A%AE%E5%8D%A1%E4%B8%98-2.ico" color="black"><link rel="alternate icon" href="/yun.ico"><link rel="preload" href="/css/hexo-theme-yun.css" as="style"><link rel="preload" href="/js/utils.js" as="script"><link rel="preload" href="/js/hexo-theme-yun.js" as="script"><link rel="prefetch" href="/js/sidebar.js" as="script"><link rel="preconnect" href="https://cdn.jsdelivr.net" crossorigin><link rel="stylesheet" href="/css/hexo-theme-yun.css"><link rel="alternate" href="/atom.xml" title="Lizikang_Blog"><script id="yun-config">
    // Reuse a Yun namespace if another script already created one; otherwise start empty.
    const Yun = window.Yun || {};
    // Site-wide settings exposed to the theme's client scripts (presumably read by
    // /js/hexo-theme-yun.js — not verifiable from this page). Values are unchanged;
    // note that say.api is a third-party endpoint, so whatever consumes it talks cross-origin.
    window.CONFIG = {
      root: "/",
      title: ["Li", "Zi", "Kang", "Blog"],
      version: "0.9.2",
      anonymous_image: "https://cdn.jsdelivr.net/gh/YunYouJun/cdn/img/avatar/none.jpg",
      say: {
        api: "https://v1.hitokoto.cn",
        hitokoto: true
      },
      fireworks: {
        colors: ["102, 167, 221", "62, 131, 225", "33, 78, 194"]
      }
    };
  </script><script src="//at.alicdn.com/t/font_1929835_1z6thct9lfe.js" async></script><meta name="description" content="实验四、web安全[TOC] 一、实验目的及要求1．熟悉浏览器安全的方法； 2．了解网页编程中SQL注入手段和防范措施； 3．强化动态网页设计安全意识。 二、实验学时2学时 三、实验任务掌握浏览器与动态网页设计的安全技术手段 四、实验重点、难点动态网页设计的安全技术 五、实验过程：1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。答： 1.白名单 2.禁用或限制使用Java程序及">
<meta property="og:type" content="article">
<meta property="og:title" content="信息安全 实验四、web安全">
<meta property="og:url" content="http://yoursite.com/2021/05/26/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E5%AE%9E%E9%AA%8C4/index.html">
<meta property="og:site_name" content="Lizikang_Blog">
<meta property="og:description" content="实验四、web安全[TOC] 一、实验目的及要求1．熟悉浏览器安全的方法； 2．了解网页编程中SQL注入手段和防范措施； 3．强化动态网页设计安全意识。 二、实验学时2学时 三、实验任务掌握浏览器与动态网页设计的安全技术手段 四、实验重点、难点动态网页设计的安全技术 五、实验过程：1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。答： 1.白名单 2.禁用或限制使用Java程序及">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps1-1622253256209.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps2-1622253256166.jpg">
<meta property="og:image" content="http://yoursite.com/%E7%AC%94%E8%AE%B0%E5%85%A8/img/wps3-1622253256165.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps4-1622253256166.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps5-1622253256166.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps6-1622253256244.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps8-1622253256246.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps10-1622253256245.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps11-1622253256246.jpg">
<meta property="og:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps12-1622253256286.jpg">
<meta property="article:published_time" content="2021-05-25T16:00:00.000Z">
<meta property="article:modified_time" content="2021-06-01T14:57:40.237Z">
<meta property="article:author" content="李子康">
<meta property="article:tag" content="信息安全">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps1-1622253256209.jpg"><script src="/js/ui/mode.js"></script><link rel="alternate" href="/atom.xml" title="Lizikang_Blog" type="application/atom+xml">
</head><body><script defer src="https://cdn.jsdelivr.net/npm/animejs@latest/anime.min.js"></script><script defer src="/js/ui/fireworks.js"></script><canvas class="fireworks"></canvas><div class="container"><a class="sidebar-toggle hty-icon-button" id="menu-btn"><div class="hamburger hamburger--spin" type="button"><span class="hamburger-box"><span class="hamburger-inner"></span></span></div></a><div class="sidebar-toggle sidebar-overlay"></div><aside class="sidebar"><script defer src="/js/sidebar.js"></script><ul class="sidebar-nav"><li class="sidebar-nav-item sidebar-nav-toc hty-icon-button sidebar-nav-active" data-target="post-toc-wrap" title="文章目录"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-list-ordered"></use></svg></li><li class="sidebar-nav-item sidebar-nav-overview hty-icon-button" data-target="site-overview-wrap" title="站点概览"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-passport-line"></use></svg></li></ul><div class="sidebar-panel" id="site-overview-wrap"><div class="site-info fix-top"><a class="site-author-avatar" href="/about/" title="李子康"><img width="96" loading="lazy" src="/images/bak.jpg" alt="李子康"></a><div class="site-author-name"><a href="/about/">李子康</a></div><a class="site-name" href="/about/site.html">Lizikang_Blog</a><sub class="site-subtitle"></sub><div class="site-desciption">个人技术博客</div></div><nav class="site-state"><a class="site-state-item hty-icon-button icon-home" href="/" title="我的主页"><span class="site-state-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-home-4-line"></use></svg></span></a><div class="site-state-item"><a href="/archives/" title="归档"><span class="site-state-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-archive-line"></use></svg></span><span class="site-state-item-count">27</span></a></div><div class="site-state-item"><a href="/categories/" title="分类"><span class="site-state-item-icon"><svg class="icon" aria-hidden="true"><use 
xlink:href="#icon-folder-2-line"></use></svg></span><span class="site-state-item-count">13</span></a></div><div class="site-state-item"><a href="/tags/" title="标签"><span class="site-state-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-price-tag-3-line"></use></svg></span><span class="site-state-item-count">9</span></a></div><a class="site-state-item hty-icon-button" href="https://yun.yunyoujun.cn" target="_blank" rel="noopener" title="文档"><span class="site-state-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-settings-line"></use></svg></span></a></nav><hr style="margin-bottom:0.5rem"><div class="links-of-author"><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://wpa.qq.com/msgrd?v=3&amp;uin=1191787635&amp;site=qq&amp;menu=yes" title="QQ" target="_blank" style="color:#12B7F5"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qq-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://github.com/lizikanglzk" title="GitHub" target="_blank" style="color:#181717"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-github-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="mailto:1191787635@qq.com" title="E-Mail" target="_blank" style="color:#8E71C1"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-mail-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://gitee.com/li_zikang" title="gitee" target="_blank" style="color:#E6162D"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-gitee-copy"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://music.163.com/#/user/home?id=506556053" title="网易云音乐" target="_blank" style="color:#C10D0C"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-netease-cloud-music-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" 
href="https://blog.csdn.net/qq_43845915" title="csdn" target="_blank" style="color:#007722"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-csdn11"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://www.zhihu.com/people/zou-guo-lu-guo-bu-yao-cuo-guo-88" title="知乎" target="_blank" style="color:#0084FF"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-zhihu-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://space.bilibili.com/352594163" title="哔哩哔哩动画" target="_blank" style="color:#FF8EB3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-bilibili-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" title="微信" target="_blank" style="color:#1AAD19"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-wechat-2-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="/atom.xml" title="RSS" target="_blank" style="color:orange"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-rss-line"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="/game1" title="Telegram Channel" target="_blank" style="color:#0088CC"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-youxi-copy-copy"></use></svg></a><a class="links-of-author-item hty-icon-button" rel="noopener" href="https://travellings.now.sh/" title="Travelling" target="_blank" style="color:var(--hty-text-color)"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-send-plane-2-line"></use></svg></a></div><hr style="margin:0.5rem 1rem"><div class="links"><a class="links-item hty-icon-button" href="/links/" title="我的小伙伴们" style="color:dodgerblue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-men-line"></use></svg></a><a class="links-item hty-icon-button" href="/girls/" title="我的老婆们" style="color:#FF8EB3"><svg class="icon" aria-hidden="true"><use 
xlink:href="#icon-women-line"></use></svg></a></div><br><a class="links-item hty-icon-button" id="toggle-mode-btn" href="javascript:;" title="Mode" style="color: #f1cb64"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-contrast-2-line"></use></svg></a></div><div class="sidebar-panel sidebar-panel-active" id="post-toc-wrap"><div class="post-toc"><div class="post-toc-content"><ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#实验四、web安全"><span class="toc-text">实验四、web安全</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#一、实验目的及要求"><span class="toc-text">一、实验目的及要求</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#二、实验学时"><span class="toc-text">二、实验学时</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#三、实验任务"><span class="toc-text">三、实验任务</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#四、实验重点、难点"><span class="toc-text">四、实验重点、难点</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#五、实验过程："><span class="toc-text">五、实验过程：</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。"><span class="toc-text">1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2、动态网页设计请采用C-net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。"><span class="toc-text">2、动态网页设计请采用C#.net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？"><span class="toc-text">3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#4、在web安全有哪些安全措施？请尽可能列出来。"><span class="toc-text">4、在web安全有哪些安全措施？请尽可能列出来。</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#六、实验小结（100字左右）"><span 
class="toc-text">六、实验小结（100字左右）</span></a></li></ol></li></ol></div></div></div></aside><main class="sidebar-translate" id="content"><div id="post"><article class="post-block" itemscope itemtype="https://schema.org/Article"><link itemprop="mainEntityOfPage" href="http://yoursite.com/2021/05/26/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E5%AE%9E%E9%AA%8C4/"><span hidden itemprop="author" itemscope itemtype="https://schema.org/Person"><meta itemprop="name" content="李子康"><meta itemprop="description"></span><span hidden itemprop="publisher" itemscope itemtype="https://schema.org/Organization"><meta itemprop="name" content="Lizikang_Blog"></span><header class="post-header"><h1 class="post-title" itemprop="name headline">信息安全 实验四、web安全</h1><div class="post-meta"><div class="post-time" style="display:inline-block"><span class="post-meta-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-calendar-line"></use></svg></span> <time title="创建时间：2021-05-26 00:00:00" itemprop="dateCreated datePublished" datetime="2021-05-26T00:00:00+08:00">2021-05-26</time><span class="post-meta-divider">-</span><span class="post-meta-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-calendar-2-line"></use></svg></span> <time title="修改时间：2021-06-01 22:57:40" itemprop="dateModified" datetime="2021-06-01T22:57:40+08:00">2021-06-01</time></div><span class="post-busuanzi"><span class="post-meta-divider">-</span><span class="post-meta-item-icon" title="阅读次数"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-eye-line"></use></svg> <span id="busuanzi_value_page_pv"></span></span></span><div class="post-classify"><span class="post-category"><span class="post-meta-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-folder-line"></use></svg></span> <span itemprop="about" itemscope itemtype="https://schema.org/Thing"><a class="category" href="/categories/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/" 
style="--text-color:var(--hty-text-color)" itemprop="url" rel="index"><span itemprop="text">信息安全</span></a></span> > <span itemprop="about" itemscope itemtype="https://schema.org/Thing"><a class="category" href="/categories/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/%E5%AE%9E%E9%AA%8C/" style="--text-color:var(--hty-text-color)" itemprop="url" rel="index"><span itemprop="text">实验</span></a></span></span><span class="post-tag"><span class="post-meta-divider">-</span><a class="tag" href="/tags/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/" style="--text-color:var(--hty-text-color)"><span class="post-meta-item-icon"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-price-tag-3-line"></use></svg></span><span class="tag-name">信息安全</span></a></span></div></div></header><section class="post-body" itemprop="articleBody"><div class="post-content markdown-body" style="--smc-primary:black;"><h2 id="实验四、web安全"><a href="#实验四、web安全" class="headerlink" title="实验四、web安全"></a>实验四、web安全</h2><p>[TOC]</p>
<h3 id="一、实验目的及要求"><a href="#一、实验目的及要求" class="headerlink" title="一、实验目的及要求"></a>一、实验目的及要求</h3><p>1．熟悉浏览器安全的方法；</p>
<p>2．了解网页编程中SQL注入手段和防范措施；</p>
<p>3．强化动态网页设计安全意识。</p>
<h3 id="二、实验学时"><a href="#二、实验学时" class="headerlink" title="二、实验学时"></a>二、实验学时</h3><p>2学时</p>
<h3 id="三、实验任务"><a href="#三、实验任务" class="headerlink" title="三、实验任务"></a>三、实验任务</h3><p>掌握浏览器与动态网页设计的安全技术手段</p>
<h3 id="四、实验重点、难点"><a href="#四、实验重点、难点" class="headerlink" title="四、实验重点、难点"></a>四、实验重点、难点</h3><p>动态网页设计的安全技术</p>
<h3 id="五、实验过程："><a href="#五、实验过程：" class="headerlink" title="五、实验过程："></a>五、实验过程：</h3><h4 id="1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。"><a href="#1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。" class="headerlink" title="1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。"></a>1、web浏览器比如IE浏览器的安全技术手段有哪些？请尽可能列出来。</h4><p>答：</p>
<p>1.白名单</p>
<p>2.禁用或限制使用Java程序及ActiveX控件</p>
<p>3.防止泄露自己的信息</p>
<p>4.清除已浏览过的网址</p>
<p>5.清除已访问过的网页</p>
<p>6.防止IE主页地址被篡改</p>
<p>7.挖出IE本地安全配置选项</p>
<p>8.在DOS下打开“Internet属性”窗口</p>
<p>9.解除IE的分级审查口令</p>
<p>10.预防网页恶意代码</p>
<p>11.管理好Cookie</p>
<h4 id="2、动态网页设计请采用C-net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。"><a href="#2、动态网页设计请采用C-net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。" class="headerlink" title="2、动态网页设计请采用C#.net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。"></a>2、动态网页设计请采用C#.net实现一个登录案例，本案例中防范SQL注入有哪些措施？写出详细的设计与实现过程。</h4><p>答：</p>
<blockquote>
<p>详细见我另一篇博客</p>
<p><a href="https://blog.csdn.net/qq_43845915/article/details/117291181" target="_blank" rel="noopener">C#.net实现一个登录案例</a></p>
<p>下为<strong>缩减版</strong></p>
</blockquote>
<p><strong>Mysql数据库设计：</strong></p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps1-1622253256209.jpg" alt="img" loading="lazy"> </p>
<p><strong>插入数据：</strong></p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps2-1622253256166.jpg" alt="img" loading="lazy"> </p>
<p><strong>项目设计：</strong></p>
<p><img src="../../../../../%E7%AC%94%E8%AE%B0%E5%85%A8/img/wps3-1622253256165.jpg" alt="img" loading="lazy"> </p>
<p><strong>Login.aspx</strong></p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps4-1622253256166.jpg" alt="img" loading="lazy"> </p>
<p><strong>Login.aspx.cs</strong></p>
<p>对登录按钮写脚本：</p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps5-1622253256166.jpg" alt="img" loading="lazy"> </p>
<p><strong><em>页面测试：</em></strong></p>
<p><strong>登录成功：</strong></p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps6-1622253256244.jpg" alt="img" loading="lazy"> </p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps8-1622253256246.jpg" alt="img" loading="lazy"> </p>
<p><strong>sql 注入攻击</strong></p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps10-1622253256245.jpg" alt="img" loading="lazy"> </p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps11-1622253256246.jpg" alt="img" loading="lazy"> </p>
<p><img src="https://gitee.com/li_zikang/lzk-image/raw/master/img/wps12-1622253256286.jpg" alt="img" loading="lazy"> </p>
<h4 id="3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？"><a href="#3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？" class="headerlink" title="3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？"></a>3、上述登录案例中加验证码有什么好处？哪一种验证码相对安全？</h4><p>答：</p>
<p>可以防止恶意破解密码、刷票、论坛灌水，有效防止黑客用特定程序对某一个特定注册用户以暴力破解方式进行不断的登录尝试。实际上，使用验证码是现在很多网站通行的做法，它以比较简易的方式实现了这个功能。</p>
<p>常用验证码：</p>
<p>图形验证码 </p>
<p>短信验证码</p>
<p>语音验证码</p>
<p>滑动验证码</p>
<p>相对安全：点触式和滑动式的验证码，通过采集用户当前的各种行为参数（行为轨迹、操作时间、当前环境等）来判断是否为机器行为。在用户体验上，手机端不太建议使用选字类型的验证码，对于非大屏手机不太友好。在安全性上，这类验证码的破解成本比其他验证码高。</p>
<h4 id="4、在web安全有哪些安全措施？请尽可能列出来。"><a href="#4、在web安全有哪些安全措施？请尽可能列出来。" class="headerlink" title="4、在web安全有哪些安全措施？请尽可能列出来。"></a>4、在web安全有哪些安全措施？请尽可能列出来。</h4><p>答：</p>
<p> <strong>HTTP Basic验证</strong></p>
<p>这种验证称为HTTP基本验证，它由HTTP1.1规范定义，是一种保护资源的最简单和最常用的验证机制。当浏览器请求任何受保护资源时，服务器都要求提供用户名和口令；只有用户输入了合法的用户名和口令，服务器才发送资源。</p>
<p>HTTP基本验证的优点是：实现较容易，所有的浏览器都支持。缺点是：用户名和口令没有被加密，只是采用Base64编码，所以是不安全的；此外不能自定义对话框的外观。</p>
<p><strong><em>HTTP Digest验证</em></strong></p>
<p>这种验证称为HTTP摘要验证，它除了口令不以明文、而是经摘要加密处理后发送之外，其他与基本验证都一样，但比基本验证安全。</p>
<p>HTTP摘要验证的优点有：比基本验证安全；缺点：只能被IE5以上版本支持；许多Servlet容器不支持，因为规范并没有强制要求。</p>
<p><strong><em>FORM-based验证</em></strong></p>
<p>这种验证称为基于表单的验证，它类似于基本验证，但它使用用户自定义的表单来获得用户名和口令，而不是使用浏览器的弹出对话框。开发人员必须自行创建包含表单的HTML页面，因此可以定制表单外观。</p>
<p>基于表单验证的优点是：所有的浏览器都支持，而且容易实现，并可以定制登录页面的外观。缺点是：它不是安全的，用户名/口令没有加密。</p>
<p><strong><em>HTTPS Client验证</em></strong></p>
<p>这种验证称为客户证书验证。它采用HTTPS传输信息。HTTPS是在安全套接层（Secure Socket Layer，SSL）之上的HTTP，SSL可以保证Internet上敏感数据传输的保密性。在这种机制下，当浏览器和服务器之间建立起SSL连接后，所有数据都以加密的形式传输。</p>
<p>优点：它是4种验证类型中最安全的，所有常用浏览器都支持；缺点：它需要一个证书授权机构（如VeriSign）签发的证书，实现和维护的成本较高。</p>
<p><strong><em>什么是Sql注入？</em></strong></p>
<p>就是通过把SQL命令插入到Web表单提交的内容、输入域或页面请求的查询字符串中，最终达到欺骗服务器执行恶意SQL命令的目的。</p>
<p>防护Sql注入：</p>
<p>1、永远不要信任用户的输入，要对用户的输入进行校验，可以通过正则表达式或限制长度，并对单引号和双“-”进行转义等；</p>
<p>2、永远不要使用动态拼装SQL，可以使用参数化的SQL或者直接使用存储过程进行数据查询存取；</p>
<p>3、永远不要使用管理员权限的数据库连接，为每个应用使用单独的权限有限的数据库连接；</p>
<p>4、不要把机密信息明文存放，请加密或者hash掉密码和敏感的信息。</p>
<p><strong><em>CSRF攻击是什么 ？</em></strong></p>
<p>英文全称是 Cross-Site Request Forgery，即跨站请求伪造。顾名思义，CSRF攻击就是黑客引诱用户打开黑客控制的网站，利用用户已有的登录状态发起跨站请求。</p>
<p>防护CSRF攻击：</p>
<p>1、针对实际情况，设置 Cookie 的 SameSite 属性为 Strict 或 Lax</p>
<p>2、服务端验证请求来源（Referer，Origin）</p>
<p>3、使用CSRF Token ，服务端随机生成返回给浏览器的Token</p>
<p>4、加入二次验证（独立的支付密码）</p>
<h3 id="六、实验小结（100字左右）"><a href="#六、实验小结（100字左右）" class="headerlink" title="六、实验小结（100字左右）"></a>六、实验小结（100字左右）</h3><p>本次实验学习了用C#开发登录界面，开发过程中虽然遇到了一些困难，但通过不断学习最终解决了，受益匪浅；也了解了SQL注入攻击，今后在数据库设计和后台代码编程中将会更加注意信息安全这方面。本次实验学会了很多，期待下一次的实验。</p>
</div></section></article><div class="post-nav"><div class="post-nav-item"><a class="post-nav-prev" href="/2021/05/28/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E5%AE%9E%E9%AA%8C5/" rel="prev" title="信息安全 实验五、Windows安全策略"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-arrow-left-s-line"></use></svg><span class="post-nav-text">信息安全 实验五、Windows安全策略</span></a></div><div class="post-nav-item"><a class="post-nav-next" href="/2021/05/26/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8/%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E5%AE%9E%E7%8E%B0%E4%B8%80%E4%B8%AA%E7%99%BB%E5%BD%95%E6%A1%88%E4%BE%8B/" rel="next" title="C#.net实现一个登录案例"><span class="post-nav-text">C#.net实现一个登录案例</span><svg class="icon" aria-hidden="true"><use xlink:href="#icon-arrow-right-s-line"></use></svg></a></div></div></div><div id="comment"><div class="comment-tooltip text-center"></div><div id="valine-container"></div><script src="https://cdn.jsdelivr.net/npm/valine@latest/dist/Valine.min.js"></script><script>function initValine() {
  // Valine comment-widget settings; `path` scopes the thread to the current page URL.
  // NOTE(review): appId/appKey are delivered to every visitor and therefore cannot be secret.
  // Valine's backend (LeanCloud, presumably) treats appKey as a client-side key — confirm that
  // server-side ACLs, not key secrecy, bound what this key can read and write.
  // NOTE(review): Valine.min.js is loaded from jsdelivr at "@latest" with no integrity
  // attribute, so any change to the upstream build executes here with full page access;
  // pinning a version and adding SRI would bound that supply-chain exposure.
  const valineConfig = {
    enable: true,
    appId: "q22e7srtjevOqYmzusWCYIru-gzGzoHsz",
    appKey: "PMyzTxHUFQ77nPj1IWMcMDK3",
    placeholder: "畅所欲言！",
    avatar: null,
    meta: ["nick", "mail", "link"],
    pageSize: 10,
    visitor: false,
    highlight: true,
    recordIP: false,
    enableQQ: true,
    el: "#valine-container",
    lang: "zh-cn",
    path: window.location.pathname
  };
  new Valine(valineConfig);
}
setTimeout(initValine, 1000)</script></div></main><footer class="sidebar-translate" id="footer"><div class="copyright"><span>&copy; 2020 – 2022 </span><span class="with-love" id="animate"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-cloud-line"></use></svg></span><span class="author"> 李子康</span></div><div class="powered"><span>由 <a href="https://hexo.io" target="_blank" rel="noopener">Hexo</a> 驱动 v4.2.1</span><span class="footer-separator">|</span><span>主题 - <a rel="noopener" href="https://github.com/YunYouJun/hexo-theme-yun" target="_blank"><span>Yun</span></a> v0.9.2</span></div><div class="live_time"><span>本博客已萌萌哒地运行</span><span id="display_live_time"></span><span class="moe-text">(●'◡'●)</span><script>function blog_live_time() {
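  // Re-arm the timer first, so an exception in the update below still leaves the
  // once-per-second ticker running.
  window.setTimeout(blog_live_time, 1000);
  // Blog launch date; no zone suffix, so it is parsed as local time.
  const start = new Date('2020-07-05T00:00:00');
  const now = new Date();
  const timeDiff = now.getTime() - start.getTime();
  const msPerMinute = 60 * 1000;
  const msPerHour = 60 * msPerMinute;
  const msPerDay = 24 * msPerHour;
  // Split the elapsed milliseconds into day / hour / minute / second components,
  // using the same unit constants throughout (the hour term used to re-derive 60*60*1000 inline).
  const passDay = Math.floor(timeDiff / msPerDay);
  const passHour = Math.floor((timeDiff % msPerDay) / msPerHour);
  const passMinute = Math.floor((timeDiff % msPerHour) / msPerMinute);
  const passSecond = Math.floor((timeDiff % msPerMinute) / 1000);
  // Look the target up explicitly instead of relying on the implicit id-named global,
  // and skip the write (rather than throw every second) if the element is absent.
  // The string is built from numbers only, so textContent renders identically to
  // innerHTML while keeping this a non-HTML sink.
  const display = document.getElementById("display_live_time");
  if (display) {
    display.textContent = " " + passDay + " 天 " + passHour + " 小时 " + passMinute + " 分 " + passSecond + " 秒";
  }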
}
// Start the uptime ticker; blog_live_time re-schedules itself every second.
blog_live_time();
</script></div><div id="busuanzi"><script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><span id="busuanzi_container_site_uv" title="总访客量"><span><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-line"></use></svg></span><span id="busuanzi_value_site_uv"></span></span><span class="footer-separator">|</span><span id="busuanzi_container_site_pv" title="总访问量"><span><svg class="icon" aria-hidden="true"><use xlink:href="#icon-eye-line"></use></svg></span><span id="busuanzi_value_site_pv"></span></span></div></footer><a class="hty-icon-button" id="goUp" aria-label="back-to-top" href="#"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-arrow-up-s-line"></use></svg><svg class="progress-circle-container" viewBox="0 0 100 100"><circle class="progress-circle" id="progressCircle" cx="50" cy="50" r="48" fill="none" stroke="black" stroke-width="2" stroke-linecap="round"></circle></svg></a></div><script defer src="/js/utils.js"></script><script defer src="/js/hexo-theme-yun.js"></script><script defer src="/js/player.js"></script></body></html>